General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Active/Active HA on 7050

I'm getting ready to implement an Active/Active setup on a 7050. What is the best practice for bandwidth over the HA links? I'm more curious about the HA2 and HA3 links.

Preempt Loop Detected

Hi All,I've implemented Active-Passive firewall with preempt options enabled as below :I use Path monitoring to IP B to detect failure. When I shutdown the bridge (device between A and B), the Active device switch to X and A status became non-functional (Path Down).But after A became passive, immediately he request preempt to become active altho...

About Microsoft Vulnerability

Hello all,My customers PA-3020 detected a few Microsoft Vulnerability Threat coming from Inside ( Web server ) to Outside ( Internet ) . We investigated the cause of this , but could not replicate the issue and finding the cause of it. We scanned web server for malware , corrupt jpeg files but it was clean. Detected Vulnerabilities are :Micro...

DNS attack? False positive: urussynonumsantonums.com

Hello,I am new to this realm so please note if I ask alot of questions, you all have the answers. I have a PA device that has been spitting out multiple, multiple, and multiple Threat notices for the above domain: urussynonumsantonums.com. I have seen some threads where PA updated their threat database to 80,000 new entries. Plus there was an e...

Friewall does not send ms-files to wildfire

Hello,i setup wildfire to forward any application, any files so wildfire could test files against malware.I discovered that ms-office files are not sent to wildfire.File blocking rule is set to any/any/both/forwardAntivirus rule is set to block on wildfire for http/smtp/ftpAntivirus rule is set to policy rule.Despite of this i can upload/downloa...

CRA by L1 Bithead
  • 4761 Views
  • 6 replies
  • 0 Likes

Differences between "panHAConfigFailureTrap" and "panHAConfigNotSynchTrap"

HelloI'm working with the trap MIB and I doesn't understand the differences between these one. The descriptions in the MIB file arepanHAConfigFailureTrap: HA configuration push to peer has failedpanHAConfigNotSynchTrap: HA config not automatically synchedCould someone explain me the difference.Best RegardsGonzalo ArroyoAcuntia COS

SOC_CSG by L4 Transporter
  • 3331 Views
  • 2 replies
  • 0 Likes

Filtering or Suppressing OSPF Type-5 LSA's?

Hello,I am working on a network design and have a palo alto firewall that has two areas, 0 inside and 1 outside on the same virtual router. Area 1 has the outside interface of firewall, two routers and then the edge router. OSPF runs on the inside of the internet edge router and BGP with the internet provider. We receive a default route from ...

Panorama Templates best practice?

Currently we are moving our stand alone firewalls to Panorama. We build device groups to manage policies and objects.Now we try to create Templates but we don't know exactly how to use them. We read the following article but it didn't really help: Panorama TemplatesThe main problem is that one device can only be assigned to one Template. So we c...

User-ID Agent Network Sentry

Has anyone had any experience using the User-ID Agent to capture login information from a Bradford Networks Network Sentry NAC? Right now just using a trial PA3050 box but would love to map user ID information if it's a quick setup.

Resolved! How do I enter multiple hosts to the destination field on the CLI

HIWhen I look at the security policy configuration on the CLI, I see that policies that were configured using the GUI appear in the following syntax: destination [ HOST1 HOST2];But when trying to configure a new policy like so I get invalid syntax::[edit]firewall# edit rulebase security[edit rulebase security]firewall# edit rules TESTRULE[edit ...

fmurray by L1 Bithead
  • 6798 Views
  • 4 replies
  • 0 Likes

Resolved! How to notice network admin if someone tries to browse certain websites?

Hi Guys,Our customer uses Palo Alto in an education institute. They want to find out if Palo Alto firewall provides features such that if someone try to access certain website, for example, adult site, suicide site, the firewall will automatically send email to alert the network admin.So far, I haven't found any document about this. But what I c...

MelLi by L2 Linker
  • 7585 Views
  • 5 replies
  • 0 Likes

Has anyone had an issue using FQDN for syslog server setup?

(active-secondary)> ping host any-splunkproxy1.acme.comPING any-splunkproxy1.acme.com (172.17.64.24) 56(84) bytes of data.64 bytes from 172.17.64.24: icmp_seq=1 ttl=60 time=0.603 ms64 bytes from 172.17.64.24: icmp_seq=2 ttl=60 time=0.565 ms64 bytes from 172.17.64.24: icmp_seq=3 ttl=60 time=0.599 ms64 bytes from 172.17.64.24: icmp_seq=4 ttl=60...

  • 24394 Posts
  • 123 Subscriptions
Top Solution Authors
Labels